Nothing Chats Removed From Google Play Store Amid Privacy And Security Issues

Nothing Chats allows Phone (2) users to send iMessage.

Highlights
  • Nothing Chats app has been removed from the Google Play Store.
  • The app that allowed Phone (2) users to send iMessage was found to have privacy concerns.
  • Nothing launched the app in collaboration with the Sunbird messaging platform.

Nothing Chats has been pulled from the Google Play Store because of serious security and privacy concerns. The brand launched the messaging app, which allowed Phone (2) users to send iMessage, in partnership with the Sunbird messaging platform. While the company assured users that the Nothing Chats app is end-to-end encrypted, it turns out that’s not the case.

According to X user Wukko, not only is Nothing Chats not end-to-end encrypted, but it also sends all media attachments, including images, in plain text. The news has been further corroborated by Dylan Roussel of 9to5Google and by Texts.com. Let’s take a look at what the Nothing Chats privacy issue is and how it affects users.

Nothing Chats Found to Have Serious Security and Privacy Issues

Nothing launched the Chats app last week, and CEO Carl Pei even released a video taking a dig at Tim Cook. The company announced that it is bringing iMessage support to its Phone (2) users through the Nothing Chats app. This is something Beeper and Sunbird have been doing for a while. Moreover, Wukko says that Nothing Chats is nothing but a skinned Sunbird app. It works by asking users to sign in with their Apple credentials, which are then routed through a Mac server farm. What sets Nothing Chats and Sunbird apart is the promise of end-to-end encryption throughout the whole process, as stated on both the Nothing and Sunbird websites.

However, recent investigations have shown that these claims are simply untrue. According to various reports, the user data on Sunbird’s server can be accessed in plain text. The X user Wukko revealed that all media attachments including pictures, documents, and more are sent to Sentry with links to these attachments in plain text format. Additionally, all data sent and received through Nothing Chats is routed through Firebase, which is also unencrypted.

9to5Google’s Dylan Roussel further confirmed that Sunbird has access to every message and all data sent or received through Nothing Chats. What’s more concerning is that all media, including images, videos, audio, PDFs, vCards, etc., on Nothing Chats is public. In what he calls the biggest privacy nightmare, Roussel says that Sunbird is using an error monitoring tool called Sentry to log messages, passing them off as errors. Roussel could also access all media sent by other users on Sunbird, and he mentions that there are over 6,37,780 media files stored by Sunbird, which are public.

Roussel goes on to elaborate that vCards containing users’ personal information (he found that the personal information of over 2300 users was accessible) and files being saved with their original file names are the biggest privacy concerns. He then went on to say that while Sunbird misled Nothing by saying messages are end-to-end encrypted, Nothing should have done its due diligence before slapping its brand name on the project. According to the expert, the brand should not just delay the launch of the Nothing Chats app but should cancel the whole project in the best interest of its users.